utility to parse bower and npm packages used in a project and generate an attribution file to include in your product
npm i -g @metamask/oss-attribution-generator
cd pathToYourProject
generate-attribution
git add ./oss-attribution
git commit -m 'adding open source attribution output from oss-attribution-generator'
(This feature is currently only supported for Node projects)
For Node.js projects that use other Node.js projects located in different directories, the -b
option can be used to provide a variable number of input directories. Each of the input directories are processed, and any duplicate entries (dependencies with same name and version number) are combined to produce a single attribution text.
cd pathToYourMainProject
generate-attribution -b pathToYourMainProject pathToYourFirstProjectDependency pathToYourSecondProjectDependency
git add ./oss-attribution
git commit -m 'adding open source attribution output from oss-attribution-generator'
Use the --help
argument to get further usage details about the various program arguments:
generate-attribution --help
Sometimes, you may have an "internal" module which you/your team developed, or a module where you've arranged a special license with the owner. These wouldn't belong in your license attributions, so you can ignore them by creating an overrides.json
file like so:
{
"signaling-agent": {
"ignore": true
}
}
Other times, you may need to supply your own text for the purpose of the attribution/credits. You have full control of this in the overrides.json
file as well:
{
"some-package": {
"name": "some-other-package-name",
"version": "1.0.0-someotherversion",
"authors": "some person",
"url": "https://thatwebsite.com/since/their/original/link/was/broken",
"license": "MIT",
"licenseText": "you can even override the license text in case the original contents of the LICENSE file were wrong for some reason"
}
}
Like most software, this component is built on the shoulders of giants; oss-attribution-generator was inspired in part by the following work: